CVE-2011-2381Code Injection in Mozilla Bugzilla

CWE-94Code Injection5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 34.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedAug 9
Latest updateMay 17

Description

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla102 versions+101

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-mxfx-g487-m97q: CRLF injection vulnerability in Bugzilla 22022-05-17
CVEList
CVE-2011-2381: CRLF injection vulnerability in Bugzilla 22011-08-09

💬Community

2
Bugzilla
CVE-2011-2976 CVE-2011-2379 CVE-2011-2380 CVE-2011-2979 CVE-2011-2381 CVE-2011-2978 CVE-2011-2977 bugzilla: multiple security flaws fixed in 3.4.12, 3.6.6, 4.0.2, and 4.1.3 [epel-all]2011-08-08
Bugzilla
CVE-2011-2976 CVE-2011-2379 CVE-2011-2380 CVE-2011-2979 CVE-2011-2381 CVE-2011-2978 CVE-2011-2977 bugzilla: multiple security flaws fixed in 3.4.12, 3.6.6, 4.0.2, and 4.1.32011-08-08